BPM and Compliance

Compliance is one of the most critical aspects of any business, and one of its challenges is adhering to several standards at the same time. A BPM-based solution can manage compliance with multiple standards in one place.

Consider, for example, SOX, whose internal-control requirements include segregation of duties. This can be implemented through proper access rights within an application. If you also need ISO/IEC 27002 (information security) compliance, there is a similar requirement: section 11.2.4 (the numbering of the 2005 edition; the control is renumbered in later editions) requires review of user access rights and privileges.

A BPM-based solution can monitor or extract the executed process, validate the access rights and privileges used at each step, and report on compliance with each standard.
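As an added example (not code from the original post or from any particular BPM product), the following Python script shows the three checks such a monitoring step would run over a process audit log: a static segregation-of-duties check (one person holding two conflicting roles), a dynamic check (one person performing two conflicting activities in the same process instance), and an access-rights check (an activity performed by someone whose roles do not permit it). The role names, conflict rules and audit records are constructed for illustration and are not from the page.

```python
"""Segregation-of-duties and access-rights checks over a BPM audit log.

Added example, not from the original post. Every rule, role and log
record here is constructed for illustration.
"""
from collections import defaultdict

# Static SoD: pairs of roles one person must not hold at the same time.
CONFLICTING_ROLES = {
    frozenset({"vendor_creator", "payment_approver"}),
    frozenset({"payment_requester", "payment_approver"}),
}

# Dynamic SoD: pairs of activities one person must not perform
# within the same process instance (e.g. requesting and approving).
CONFLICTING_ACTIVITIES = {
    frozenset({"request_payment", "approve_payment"}),
}

# Access rights: the role an activity requires (hypothetical mapping).
ACTIVITY_REQUIRES = {
    "create_vendor": "vendor_creator",
    "request_payment": "payment_requester",
    "approve_payment": "payment_approver",
}

# Constructed sample data: who holds which roles ...
USER_ROLES = {
    "alice": {"payment_requester"},
    "bob": {"payment_approver"},
    "carol": {"vendor_creator", "payment_approver"},  # static conflict
}

# ... and what the process engine recorded: (instance_id, activity, user).
AUDIT_LOG = [
    ("PO-1001", "request_payment", "alice"),
    ("PO-1001", "approve_payment", "bob"),
    ("PO-1002", "request_payment", "bob"),  # bob has no requester role
    ("PO-1002", "approve_payment", "bob"),  # and approves his own request
]


def static_sod_violations(user_roles):
    """Return (user, role_a, role_b) for every user holding a conflicting pair."""
    found = []
    for user, roles in sorted(user_roles.items()):
        for pair in CONFLICTING_ROLES:
            if pair <= roles:
                a, b = sorted(pair)
                found.append((user, a, b))
    return found


def dynamic_sod_violations(audit_log):
    """Return (instance, user, act_a, act_b) where one user did both
    conflicting activities inside the same process instance."""
    per_instance = defaultdict(lambda: defaultdict(set))
    for instance_id, activity, user in audit_log:
        per_instance[instance_id][user].add(activity)
    found = []
    for instance_id in sorted(per_instance):
        for user, activities in sorted(per_instance[instance_id].items()):
            for pair in CONFLICTING_ACTIVITIES:
                if pair <= activities:
                    a, b = sorted(pair)
                    found.append((instance_id, user, a, b))
    return found


def unauthorized_activities(audit_log, user_roles):
    """Return (instance, activity, user, missing_role) for each logged step
    performed by a user who lacks the role the activity requires."""
    found = []
    for instance_id, activity, user in audit_log:
        required = ACTIVITY_REQUIRES.get(activity)
        if required is not None and required not in user_roles.get(user, set()):
            found.append((instance_id, activity, user, required))
    return found


def compliance_report(user_roles, audit_log):
    """Bundle the three checks into one report a BPM job could emit."""
    return {
        "static_sod": static_sod_violations(user_roles),
        "dynamic_sod": dynamic_sod_violations(audit_log),
        "unauthorized": unauthorized_activities(audit_log, user_roles),
    }


if __name__ == "__main__":
    for check, items in compliance_report(USER_ROLES, AUDIT_LOG).items():
        print(check, items)
```

The static check covers the ISO/IEC 27002 style review of granted rights, while the dynamic and access-rights checks cover what actually happened in a process instance; a user with a clean role set can still violate segregation of duties if the application lets them perform a step their roles do not cover, so both kinds of check are needed.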

The challenge is identifying these kinds of overlapping requirements and designing the process so that a single control satisfies all of them.